Before you upgrade any
vCenter Server that belongs to a Linked Mode group, remove it from the Linked
Mode group. Upgrading vCenter Servers that are members of a Linked Mode group
can cause the upgrade to fail, and can leave vCenter Servers in an unusable
state. After you upgrade all members of a Linked Mode group to the same version
of 5.1.x, you can rejoin them.

■

If you do
not intend to use evaluation mode, make sure that you have valid license keys
for all purchased functionality. License keys from vSphere versions prior to
version 5.0 are not supported in vCenter Server 5.x. If you do not have the
license key, you can install in evaluation mode and use the vSphere Client or
vSphere Web Client to enter the license key later.

■

Close all instances of the
VI Client, the vSphere Client, and the vSphere Web Client.

■

Verify that the system on
which you are upgrading vCenter Server is not an Active Directory primary or
backup domain controller.

■

Verify
that the NETWORK SERVICE account has read permission on the folder in which
vCenter Server is installed and on the HKLM registry.

■

Verify
that the NETWORK SERVICE account has read and execute permissions on the folder
where the RSA SSPI service is located. The default location is:
C:\Program
Files\VMware\Infrastructure\SSOServer\utils\bin\windows-x86_64\.

■

Either remove any ESX
Server 2.x or 3.x hosts from the vCenter Server inventory or upgrade these
hosts to version 4.0 or later.

Verify that the fully
qualified domain name (FQDN) of the system where you will upgrade vCenter
Server is resolvable. To check that the FQDN is resolvable, type
nslookup
your_vCenter_Server_fqdn
at a command line prompt. If the FQDN is resolvable, the
nslookup command returns the IP and name of
the domain controller machine.

■

Run the vCenter Host Agent
Pre-Upgrade Checker.

■

The installation path of
the previous version of vCenter Server must be compatible with the installation
requirements for Microsoft Active Directory Application Mode (ADAM/AD LDS). The
installation path cannot contain any of the following characters: non-ASCII
characters, commas (,), periods (.), exclamation points (!), pound signs (#),
at signs (@), or percentage signs (%). If your previous version of vCenter
Server does not meet this requirement, you must perform a clean installation of
vCenter Server 5.1.x.

■

Back up the SSL
certificates that are on the vCenter Server system before you upgrade to
vCenter Server 5.1.x. The default location of the SSL certificates is
%allusersprofile%\Application
Data\VMware\VMware VirtualCenter.

■

Make sure that SSL
certificate checking is enabled for all vSphere HA clusters. If certificate
checking is not enabled when you upgrade, HA will fail to configure on the
hosts. Select
Administration > vCenter Server
Settings > SSL
Settings > vCenter requires verified host
SSL certificates. Follow the instructions to verify
each host SSL certificate and click
OK.

■

If the vCenter Server 4.x
environment that you are upgrading includes Guided Consolidation 4.x, uninstall
Guided Consolidation before upgrading to vCenter Server 5.1.x.

■

Before the vCenter Server
upgrade, in the Administrative Tools control panel of the vCenter Single
Sign-On instance that you will register vCenter Server to, verify that the
vCenter Single Sign-On and RSA SSPI services are started.

■

You must log in as a
member of the Administrators group on the host machine, with a user name that
does not contain any non-ASCII characters.

Network
Prerequisites

■

Verify that DNS reverse
lookup returns a fully qualified domain name when queried with the IP address
of the vCenter Server. When you upgrade vCenter Server, the installation of the
web server component that supports the vSphere Client fails if the installer
cannot look up the fully qualified domain name of the vCenter Server from its
IP address. Reverse lookup is implemented using PTR records. To create a PTR
record, see the documentation for your vCenter Server host operating system.

■

If you use DHCP instead of
a manually assigned (static) IP address for vCenter Server, make sure that the
vCenter Server computer name is updated in the domain name service (DNS). Test
this is by pinging the computer name. For example, if the computer name is
host-1.company.com,
run the following command in the Windows command prompt:

ping host-1.company.com

If you can ping the computer name, the name is updated in DNS.

■

Ensure that the ESXi host
management interface has a valid DNS resolution from the vCenter Server and all
vSphere Clients. Ensure that the vCenter Server has a valid DNS resolution from
all ESXi hosts and all vSphere Clients.

■

For the vCenter Single
Sign-On installer to automatically discover Active Directory identity sources,
verify that the following conditions are met.

■

The Active Directory
identity source must be able to authenticate the user who is logged in to
perform the Single Sign-On installation.

■

The DNS of the Single
Sign-On Server host machine must contain both lookup and reverse lookup entries
for the domain controller of the Active Directory. For example, pinging
mycompany.com should
return the domain controller IP address for
mycompany. Similarly,
the
ping
-a command for that IP address should return the domain controller
hostname. Avoid trying to correct name resolution issues by editing the hosts
file. Instead, make sure that the DNS server is correctly set up.

■

The system clock of
the Single Sign-On Server host machine must be synchronized with the clock of
the domain controller.

Perform a complete backup
of the vCenter Server database before you begin the upgrade.

If you choose to remove
the DBO role, you can migrate all objects in the DBO schema to a custom schema.
See the VMware knowledge base article at
http://kb.vmware.com/kb/1036331.

■

You must have login
credentials, the database name, and the database server name that will be used
by the
vCenter Server
database. The database server name is typically the ODBC System database source
name (DSN) connection name for the vCenter Server database.

To use a newly supported
Microsoft SQL database, such as Microsoft SQL 2008, you do not need to perform
a clean installation of vCenter Server if your existing database is also
Microsoft SQL Server. For example, you can upgrade a Microsoft SQL Server 2000
database to Microsoft SQL Server 2005 or Microsoft SQL Server 2008 and then
upgrade vCenter Server 4.0 or higher to vCenter Server 5.1.x. When you migrate
the database from Microsoft SQL Server 2000 to Microsoft SQL Server 2005 or
higher, set the compatibility level of the database to 90.

■

JDK 1.6 must be installed
on the vCenter Server machine. In addition,
sqljdbc4.jar must be
added to the CLASSPATH variable on the machine where vCenter Server is to be
upgraded. If it is not installed on your system, the vCenter Server installer
installs it. The JDK 1.6 installation might require Internet connectivity.

■

Your system DSN must be
using the SQL Native Client driver.

■

If you choose to remove
the DBO role and migrate all objects in the DBO schema to a custom schema, as
described in the VMware knowledge base article at
http://kb.vmware.com/kb/1036331,
grant the following permissions to the vCenter user in the vCenter database:

GRANT SELECT on msdb.dbo.syscategories to <user>;
GRANT SELECT on msdb.dbo.sysjobsteps to <user>;
GRANT SELECT ON msdb.dbo.sysjobs to <user>;
GRANT EXECUTE ON msdb.dbo.sp_add_job TO <user>;
GRANT EXECUTE ON msdb.dbo.sp_delete_job TO <user>;
GRANT EXECUTE ON msdb.dbo.sp_add_jobstep TO <user>;
GRANT EXECUTE ON msdb.dbo.sp_update_job TO <user>;
GRANT EXECUTE ON msdb.dbo.sp_add_category TO <user>;
GRANT EXECUTE ON msdb.dbo.sp_add_jobserver TO <user>;
GRANT EXECUTE ON msdb.dbo.sp_add_jobschedule TO <user>;

Prerequisites for
Oracle Databases

■

To use a newly supported
Oracle database, such as Oracle 11g, you do not need to perform a clean
installation of vCenter Server if your existing database is also Oracle. For
example, you can upgrade your existing Oracle 9i database to Oracle 10g or
Oracle 11g and then upgrade vCenter Server 4.x to vCenter Server 5.1.x.

■

The JDBC driver file must
be included in the CLASSPATH variable.

■

Either assign the DBA role
or grant the following permissions to the user:

After the upgrade is
complete, you can optionally remove the following permissions from the user
profile: create any
sequence and
create any
table.

By default, the
RESOURCE
role has the CREATE
PROCEDURE,
CREATE
TABLE, and
CREATE
SEQUENCE privileges assigned. If the
RESOURCE
role lacks these privileges, grant them to the vCenter Server database user.

Prerequisite for IBM
DB2 Databases

■

To use a newly supported
IBM DB2 database, you must use vCenter Server 4.0 Update 1 or higher. Previous
releases of vCenter Server do not support DB2 databases.

■

Grant the following
permission to the user:

grant select on sysibmadm.applications to user <dbusername>

Prerequisite for the
vCenter Single Sign-On Database

■

Create a vCenter Single
Sign-On database, unless you plan to install the bundled database.

■

If you are using an
existing database with your vCenter Single Sign-On installation or upgrade,
make sure that the table spaces are named RSA_DATA and RSA_INDEX. Any other
table space names will cause the vCenter Single Sign-On Installation to fail.

■

If you are using an
existing database for Single Sign-On, to ensure that table space is created for
the database, run the script
rsaIMSLiteDBNameSetupTablespaces.sql.
The script is included in the vCenter Server installer download package, at
vCenter Server Installation
directory\Single Sign On\DBScripts\SSOServer\Schema\your_existing_database.
You can run the script prior to the vCenter Server upgrade, or during the
upgrade, when you are prompted by the Single Sign-On installer. You can leave
the installer to run the script, and resume the installer after you run the
script.

■

If you are using an
existing database for Single Sign-On, you must create a database user
(RSA_USER) and database administrator (RSA_DBA) to use for the Single Sign-On
database installation and setup. To create these users, run the script
rsaIMSLiteDBNameSetupUsers.sql.
The script is included in the vCenter Server installer download package, at
vCenter Server Installation
directory\Single Sign On\DBScripts\SSOServer\Schema\your_existing_database.

■

If you are using an
existing Microsoft SQL Server database for Single Sign-On, and you want to use
a dynamic port, you must provide a named instance for the SQL database during
the Single Sign-On installation. The instance name created during Microsoft SQL
Server installation usually defaults to MSSQLSERVER. For non-default instance
names, you can determine the instance name after Microsoft SQL Server is
installed by using the SQL Configuration Manager. Under SQL Server Network
Configuration, the SQL Configuration Manager lists all available instances of
the SQL installation.

■

If you install Single
Sign-On with an external Microsoft SQL Server database, using a static port,
and you have a firewall between Single Sign-On and the external database, you
must open a static port on the firewall to communicate between Single Sign-On
and the database. For example, to do this in Windows Server 2008, you can add a
static port in the Windows Firewall Control Panel.

Note

The procedure for
your firewall software may differ.

■

If you install Single
Sign-On with an external Microsoft SQL Server database, and you use the dynamic
port option, and you have a firewall between Single Sign-On and the external
database, you must open a firewall port for the SQL Browser Service. The SQL
Server Browser Service serves incoming requests for SQL Server connection by
providing information about installed instances of SQL Server. The SQL Browser
Service usually uses UDP port 1434. You must also add the SQL Server instance
that you want to access through the firewall.